Microsoft says compromise of its engineer's account led to Chinese hack of US officials


Raphael Satter
Wed, September 6, 2023

Man holds laptop computer as cyber code is projected on him in this illustration picture
In this article:


By Raphael Satter

WASHINGTON (Reuters) -The recently disclosed Chinese hack of senior officials at the U.S. State and Commerce departments stemmed from the compromise of a Microsoft engineer's corporate account, Microsoft Corp said in a blog post on Wednesday.

Microsoft said the engineer's account had been penetrated by a hacking group it dubs Storm-0558, which is alleged to have stolen hundreds of thousands of emails from top American officials including Commerce Secretary Gina Raimondo, U.S. Ambassador to China Nicholas Burns and Assistant Secretary of State for East Asia Daniel Kritenbrink.

The blog post addressed some unanswered questions around the incident, which drew fresh scrutiny to Microsoft's security and led to calls to investigate the company's practices.

Notably, the post explained how hackers were able to extract a cryptographic key from the engineer's account and use it to access email accounts that it should not have given them access to.

Microsoft said it had fixed the flaws that led to the key being accessible from the unidentified engineer's account which gave the hackers such wide latitude to steal emails. A Microsoft representative said the engineer's account had been hit using "token-stealing malware" but did not provide further detail about the incident or its timing.

The Chinese Embassy in Washington did not immediately return an email. Beijing has previously described the allegation that it stole emails from top U.S. officials as "groundless narratives."

(Reporting by Raphael Satter; editing by Jonathan Oatis, Sandra Maler and David Gregorio)